Beyond the BEAST: A Broad Survey of Crypto Vulnerabilities

NCC Group's Cryptography Services | July 30-31 & August 1-2


This training is focused on drawing out the foundations of cryptographic vulnerabilities. These topics are timeless, and when the last application using ECB or CBC mode has upgraded - they'll be the foundations of the next evolution of impactful and popular cryptographic vulnerabilities. We'll talk about what attacks in the past took advantage of them, how algorithms and protocols have evolved over time to address these concerns, and what they look like now: where they're at the heart of the most popular bugs today. The other major areas we hit are cryptographic exploitation primitives such as chosen block boundaries, and more protocol-related topics, such as how to understand and trace authentication in complex protocols.

  • Module One focuses on what the right and wrong questions are when you're talking about cryptography with people - why focusing on matching keylengths isn't going to find you something exploitable and what will.

  • Module Two focuses on randomness, unpredictability, uniqueness. It covers the requisite info on spotting Random vs SecureRandom, but quickly dives deeper and talks about why randomness, uniqueness, and unpredictability are so important for constructions like GCM and stream ciphers (as well as CBC and key generation).

  • Module Three focuses on integrity, and covers AEAD modes, how to use them safely and how to exploit them, disk encryption, encrypt-then-MAC, and unauthenticated modes like ECB/CBC/CTR.

  • Module Four is all about signatures. We talk about signature reuse, reinterpretation, and more - including one of our favorite flaws: the SSL 3 omission that persisted and was exploited in new ways for a full 19 years before finally being fixed.

  • Module Five is about complicated protocols and systems deployed at scale, and how to trace through them, following how trust is granted, what its scope is, how it can be impersonated, and how the system falls apart when anything is slightly off.

  • Module Six is math. There's just no getting around it - but it also leads to some of the most impressive attacks. We look at several standards, many provably secure, and show how the slightest missing sanity check allows for an often-devastating adaptive chosen ciphertext attack on RSA, DSA, ECC, and unauthenticated block cipher modes.

  • Module Seven tackles side channels, going in depth on the two aspects of cryptographic oracles: how the oracle is exposed and how to take advantage of what it tells you. We cover timing, error, and the CPU cache, starting off by showing how to apply the attacks you've just learned, and then moving on to show how to extract key bits from hand-optimized algorithm implementations.

As we're wrapping up, because there's just so much interesting crypto out there, we'll lay out what news sources we read to keep up on the latest happenings in the cryptographic community and do a whirlwind tour of some interesting topics like wide-block constructions and hash-based digital signatures. Finally, we'll leave you with what findings and techniques have impressed us - the ones we think people will be using in the next decade of high-profile cryptographic attacks.

NCC Group is a world-wide organization that has brought together some of the biggest names in cryptography in North America. Matasano Security, who brought you CryptoPals.com and 'Crypto for Pen Testers', and iSEC Partners, known for its research and work on the TrueCrypt, Tor Browser, and other public and high-profile audits, have come together as NCC Group with a specialized Cryptography Services practice. Cryptography Services exclusively performs cryptographic consulting, research, training, and tracks industry and academic movements, producing insight into both the struggles organizations face day-in and day-out on practical difficulties, and what novel work is being done on the cutting edge of the field. This training is an extension of the research done day-in and day-out on our work leading engagements in the field, developing proofs of concept of attacks, and teaching cryptography to anyone who will sit still long enough to listen to us.

Who Should Take this Course

This course is targeted at students who have a strong interest in cryptography and some measure of cryptographic understanding (such as the difference between symmetric and asymmetric crypto). Cryptography is a very nuanced subject, but in the real world often falls to those without 20 years of study in the field. Students leave the course with a breadth of information that empowers them to better design and review cryptographic implementations and protocols. The ideal student has investigated one or more recent cryptographic attacks deeply enough to be able to explain it, but has not sat down and read PKCS or NIST standards describing algorithm implementation. No explicit understanding of statistics or high-level math is required, as the focus is on the underlying causes of the vulnerabilities. Some small experience of programming is recommended.

Student Requirements

Some level of familiarity and proficiency in a programming language of their choosing

What Students Should Bring

A laptop prepared with Python 2.7 and, if they object to Python, an additional programming environment they are comfortable in

What Students Will Be Provided With

Course Materials, Slides, & Example Attack Implementations


Alex Balducci is a Senior Security Consultant at NCC Group's Cryptography Services. His experience includes security research, source code auditing, application security assessments, and software development - but his expertise is in cryptographic security, including analysis and design of cryptographic protocols. Alex has given numerous presentations at several industry conferences. In 2015 he delivered NCC Group's "Beyond the Beast: Deep Dives in Cryptography" course at Black Hat USA and Black Hat EU. This course examines modern issues affecting cryptographic implementations and protocols and delves into the nitty-gritty implementation details. At Black Hat USA 2014 he spoke on the topic of practical cryptographic vulnerabilities in application software, covering RSA padding oracles and subgroup confinement attacks on elliptic curve Diffie-Hellman. At Thotcon 2014 and Toorcon 2014 he spoke on the topic of power analysis attacks, including methods to retrieve DES and AES secret keys from a device running cryptographic operations using differential power analysis.

Javed Samuel is a Technical Director at NCC Group. Before joining NCC Group, Javed spent 5.5 years at Oracle in the Database Security group working on various features for Oracle's Advanced Security Option (ASO). This included work on the Kerberos and SSL authentication adapters and Application Data Redaction. Javed then spent 1 year at Rearden Commerce, an e-commerce platform company, working primarily on web application security. He performed internal penetration testing (network penetration testing and web application penetration testing), reviewed and triaged external penetration testing, reviewed architecture and design changes, and also worked with auditors to successfully complete PCI and SSAE16 audits. Javed obtained an MEng and BSc in Computer Science at MIT, where he completed a number of computer security and cryptography classes. His MEng thesis was in geometric algorithms: Lower Bounds for Embedding the Earth Mover Distance Metric into Normed Spaces. He obtained a Rhodes Scholarship and completed an MSc in Applied and Computational Mathematics at Oxford University. He completed his thesis on analyzing a mathematical model of the spread of computer viruses: The Fitness Network: Properties and Epidemic Dynamics. During his time at NCC Group, Javed has worked on and tech-led multiple web application security projects, numerous design/architecture review projects, and some mobile and network security projects. Javed has significant design/architecture experience from his NCC projects as well as from prior work experience.

David Wong is a Security Consultant at NCC Group's Cryptography Services. He has participated in several open source audits, such as OpenSSL and Let's Encrypt, and has also written a number of articles on cryptography technicalities for the Cryptography Services bulletin, the NCC Group blog, the Cryptography Services blog, and his own blog, www.cryptologie.net. He was a trainer for a cryptography course at Black Hat 2015 Vegas, and has released a number of educational videos about cryptography on YouTube. Besides that, he has been developing web apps for decades and has been covered by some newspapers in France. He graduated from the University of Bordeaux with a Master's in Cryptography, and prior to this from the University of Lyon and McMaster University with a Bachelor's in Mathematics.